Key Facts
- PowerShell ActiveDirectory module provides cmdlets for user, group, and OU management
- Bulk operations reduce manual admin time from hours to minutes
- Password policies enforce complexity and prevent reuse across 1000s of users
- Import-Csv enables batch operations from Excel or CSV files
Bulk User Creation from CSV
Create 100 users in minutes instead of hours. CSV files provide data, PowerShell automates the rest:
# Import-Users.ps1
$csvPath = "C:\users\newusers.csv"
$users = Import-Csv $csvPath
foreach ($user in $users) {
$displayName = "{0} {1}" -f $user.FirstName, $user.LastName
New-ADUser -Name $displayName `
-GivenName $user.FirstName `
-Surname $user.LastName `
-SamAccountName $user.Username `
-UserPrincipalName "$($user.Username)@example.com" `
-Path "OU=Users,DC=example,DC=com" `
-AccountPassword (ConvertTo-SecureString $user.Password -AsPlainText -Force) `
-Enabled $true
Add-ADGroupMember -Identity $user.Department -Members $user.Username
Write-Host "Created user: $displayName"
}
Password Management & Security
Enforce strong passwords and reset policies at scale:
# Reset password for all users in IT department
$itUsers = Get-ADGroupMember -Identity "IT" -Recursive
foreach ($user in $itUsers) {
$newPassword = [System.Web.Security.Membership]::GeneratePassword(16, 3)
Set-ADAccountPassword -Identity $user -NewPassword (ConvertTo-SecureString $newPassword -AsPlainText -Force) -Reset
# Send password to user (not shown for security)
Write-Host "Reset password for $($user.SamAccountName)"
}
Key Takeaways
- Use Get-ADUser, New-ADUser, Set-ADUser for user management
- Import-Csv enables bulk operations from files
- Automate group membership with Add-ADGroupMember
- Secure passwords with ConvertTo-SecureString